Privacy Policy

PRIVACY POLICY

Last Updated: June 24, 2026

1. INTRODUCTION

Pylant Risk (“Pylant Risk,” “we,” “our,” or “us”) operates this website and provides services relating to global compliance risk management, compliance intelligence, investigations, evidence development, complaint coordination, remediation, crisis response, and related business activities.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you:

• Visit our website
• Submit a contact form
• Communicate with us
• Request or receive services
• Provide information relating to a compliance matter
• Otherwise interact with Pylant Risk

This Privacy Policy applies only to personal information. It does not generally apply to information relating solely to a company or other legal entity unless that information identifies or relates to an individual.

2. WHO WE ARE

Pylant Risk is an independent commercial risk management business.

Legal entity: Pylant Advisory LLC
Business name: Pylant Risk
Email: contact@pylantrisk.com
Website: www.pylantrisk.com

For applicable data-protection laws, the legal entity identified above generally acts as the controller of personal information collected through this website and its business activities.

3. INFORMATION WE COLLECT

A. Information You Provide

We may collect information you voluntarily provide, including:

• Name
• Email address
• Telephone number
• Company or organization name
• Job title and professional role
• Country or business location
• Business and contact information
• Details of a compliance concern or investigation request
• Product, seller, supplier, manufacturer, or marketplace information
• Certification, customs, supply-chain, environmental, or regulatory information
• Documents, screenshots, photographs, test reports, invoices, correspondence, or other evidence
• Information submitted through forms, email, calls, or meetings
• Billing, contracting, and payment-related information
• Any other information you choose to provide

B. Information Collected During Compliance Work

In connection with compliance intelligence, investigations, evidence development, or risk assessment, we may collect information concerning:

• Business owners, directors, officers, employees, agents, or representatives
• Sellers, suppliers, manufacturers, distributors, importers, or exporters
• Professional contacts and authorized representatives
• Marketplace accounts, listings, storefronts, and public profiles
• Public regulatory, certification, corporate, customs, court, or administrative records
• Product packaging, labels, documentation, and shipment information
• Communications provided by clients or relevant third parties
• Test-buy transactions and associated seller or fulfillment information
• Public statements, advertisements, product claims, and online content

We seek to limit collection to information reasonably relevant to the compliance, legal, commercial, investigative, or risk-management purpose involved.

C. Information Collected Automatically

Our website, hosting providers, analytics tools, security providers, and infrastructure providers may automatically collect:

• IP address
• Browser and device type
• Operating system
• Approximate geographic location
• Referring website
• Pages viewed
• Date and time of access
• Session and usage information
• Cookie or similar technology identifiers
• Security, diagnostic, and system logs

D. Information From Other Sources

We may receive information from:

• Clients and prospective clients
• Business partners
• Attorneys and professional advisors
• Laboratories and certification providers
• Marketplaces and e-commerce platforms
• Public authorities and regulatory databases
• Corporate, customs, court, or administrative records
• Public websites and social-media pages
• Data and research providers
• Suppliers, manufacturers, distributors, and other commercial parties
• Individuals reporting or responding to compliance concerns

4. HOW WE USE PERSONAL INFORMATION

We may use personal information to:

• Respond to inquiries and communications
• Evaluate whether to accept a matter
• Conduct compliance intelligence and risk assessments
• Investigate suspected compliance violations
• Verify identities, business relationships, products, claims, and records
• Organize, preserve, and analyze evidence
• Conduct or coordinate test buys and product reviews
• Prepare reports, risk assessments, and corrective-action recommendations
• Prepare or coordinate marketplace complaints and regulatory submissions
• Communicate with platforms, authorities, counterparties, attorneys, and professional advisors
• Support remediation, negotiation, dispute resolution, and crisis response
• Perform sanctions, conflict, fraud, and restricted-party screening
• Establish, administer, and enforce contracts
• Process payments and maintain business records
• Protect our rights, systems, personnel, clients, and operations
• Detect fraud, misuse, security threats, or unlawful activity
• Improve our website, services, methods, and communications
• Comply with legal, regulatory, tax, accounting, and reporting obligations
• Establish, exercise, or defend legal claims
• Send relevant business communications, subject to applicable law and opt-out rights

5. LEGAL BASES FOR PROCESSING

Where applicable law requires a legal basis, we may process personal information on one or more of the following grounds:

A. Contract

Processing may be necessary to take steps at your request before entering into a contract or to perform an agreement with you.

B. Legitimate Interests

We may process information where reasonably necessary for legitimate interests such as:

• Responding to business inquiries
• Evaluating and performing compliance-risk services
• Investigating suspected violations
• Protecting commercial, legal, and regulatory interests
• Preventing fraud and misuse
• Maintaining website and information security
• Managing professional and commercial relationships
• Establishing or defending legal claims

We consider whether those interests are outweighed by the rights and interests of affected individuals.

C. Legal Obligation

We may process information where required to comply with applicable laws, court orders, regulatory requirements, tax obligations, sanctions rules, or lawful governmental requests.

D. Consent

Where required, we may rely on consent, including for certain cookies, electronic marketing, or other optional processing. Consent may be withdrawn at any time, without affecting processing that occurred before withdrawal.

E. Legal Claims and Substantial Public Interests

Where permitted by law, certain information may be processed when necessary to establish, exercise, or defend legal claims, prevent unlawful activity, or address substantial regulatory or compliance concerns.

6. COMPLIANCE INVESTIGATIONS AND BUSINESS SUBMISSIONS

Users may submit information concerning:

• Market-access violations
• Mandatory certification failures
• False advertising or misleading claims
• Product-parameter discrepancies
• Customs, origin, or supply-chain concerns
• Environmental, chemical, or material risks
• Restricted products or high-risk commercial activities
• Marketplace or regulatory violations
• Corrective-action or crisis-response matters

Submitting information does not create:

• An attorney-client relationship
• A confidential or privileged legal relationship
• A professional engagement
• A partnership, joint venture, agency, or fiduciary relationship
• An obligation for Pylant Risk to investigate or act

Users should not submit information they are not authorized to disclose.

We may decline, restrict, delete, or discontinue review of information that appears irrelevant, unlawful, misleading, abusive, improperly obtained, or inconsistent with our business standards.

7. SENSITIVE AND CONFIDENTIAL INFORMATION

You should avoid sending:

• Government identification numbers
• Financial account credentials
• Passwords
• Medical information
• Highly sensitive personal data
• Privileged legal communications
• Trade secrets
• Unnecessary personal information about unrelated individuals

unless reasonably necessary and expressly requested through an appropriate and secure channel.

Information submitted through general website forms or ordinary email should not be treated as fully secure or legally privileged.

8. HOW WE SHARE INFORMATION

We do not sell personal information for monetary consideration.

We may disclose personal information where reasonably necessary to:

A. Service Providers

We may use providers supporting:

• Website hosting
• Cloud storage
• Email and communications
• Cybersecurity
• Analytics
• Customer and matter management
• Document processing
• Payment processing
• Accounting and administration

These providers may process information on our behalf subject to applicable contractual and legal restrictions.

B. Professional Advisors and Specialists

Information may be shared with independent:

• Attorneys
• Investigators
• Laboratories
• Certification specialists
• Customs and trade professionals
• Engineers and technical experts
• Regulatory consultants
• Public-relations and crisis professionals
• Other specialists relevant to a matter

Such parties may operate as independent controllers or service providers under their own terms and privacy obligations.

C. Platforms, Authorities, and Counterparties

Where authorized or otherwise lawful, relevant information may be disclosed to:

• E-commerce platforms
• Payment or service platforms
• Certification bodies
• Customs authorities
• Regulators
• Government agencies
• Courts or tribunals
• Business counterparties
• Parties involved in remediation, investigation, negotiation, or dispute resolution

We seek to disclose only information reasonably necessary for the relevant purpose.

D. Legal and Protective Disclosures

We may disclose information where reasonably necessary to:

• Comply with law, regulation, court order, subpoena, or lawful process
• Respond to governmental or regulatory requests
• Investigate fraud, abuse, threats, or unlawful activity
• Protect legal rights, safety, property, or business operations
• Establish, exercise, or defend legal claims

E. Business Transactions

Information may be transferred in connection with a merger, acquisition, financing, restructuring, sale of assets, succession, or similar business transaction, subject to appropriate safeguards where required.

9. MARKETING AND BUSINESS COMMUNICATIONS

We may send business communications concerning our services where permitted by applicable law.

Communications may be based on:

• A prior inquiry or business relationship
• Consent, where required
• Publicly available professional contact information
• Legitimate business interests, where permitted

Recipients may opt out of non-essential marketing communications by:

• Using an unsubscribe link, where provided
• Replying with an opt-out request
• Contacting us at contact@[your domain]

Opting out of marketing does not prevent us from sending necessary transactional, contractual, security, legal, or matter-related communications.

10. COOKIES AND ANALYTICS

Our website may use cookies and similar technologies for:

• Essential website operation
• Security and fraud prevention
• Remembering user preferences
• Traffic and performance measurement
• Website analytics
• Improving functionality and user experience

Where required by law, non-essential cookies will be used only after appropriate notice or consent.

Users may manage cookies through browser settings or any cookie-control tool made available on the website. Disabling some cookies may affect website functionality.

The specific cookies and analytics providers actually used should be identified in a separate Cookie Notice or consent interface where required.

11. DATA RETENTION

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

• Responding to inquiries
• Evaluating or performing services
• Maintaining investigation and evidence records
• Managing contracts and business relationships
• Complying with legal, tax, accounting, sanctions, or regulatory obligations
• Resolving disputes
• Establishing or defending legal claims
• Maintaining security and preventing abuse

Retention periods depend on:

• The type and sensitivity of the information
• The nature and status of the matter
• Contractual requirements
• Applicable limitation periods
• Legal and regulatory obligations
• Evidentiary and dispute-related needs

Information may be deleted, anonymized, or securely archived when no longer reasonably required.

12. INFORMATION SECURITY

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, alteration, disclosure, loss, or misuse.

However, no website, email system, storage system, or internet transmission method can be guaranteed completely secure.

Users are responsible for selecting appropriate communication channels and limiting the sensitive information they transmit.

13. INTERNATIONAL DATA TRANSFERS

Pylant Risk operates in an international business environment.

Personal information may be accessed, processed, or stored in countries other than the country in which it was collected, including the United States and jurisdictions in which our service providers, advisors, clients, platforms, or counterparties operate.

Where required by applicable law, we may use appropriate transfer mechanisms or safeguards, such as:

• Contractual data-protection clauses
• Data-processing agreements
• Adequacy decisions
• Transfer risk assessments
• Other legally recognized safeguards

Laws in recipient jurisdictions may differ from those in your country.

14. YOUR PRIVACY RIGHTS

Depending on your location and applicable law, you may have the right to:

• Request access to personal information
• Request correction of inaccurate information
• Request deletion of personal information
• Request restriction of processing
• Object to certain processing
• Withdraw consent
• Request data portability
• Opt out of certain marketing communications
• Request information about categories of data collected or disclosed
• Lodge a complaint with an applicable data-protection authority
• Exercise other rights available under local law

These rights may be subject to exceptions, including where information must be retained for:

• Legal obligations
• Compliance investigations
• Contract performance
• Fraud prevention
• Security
• Freedom of expression
• Establishing, exercising, or defending legal claims

To submit a request, contact:

contact@pylantrisk.com

We may request information reasonably necessary to verify identity and authority before acting on a request.

Authorized agents may submit requests where permitted by law, subject to appropriate verification.

15. CALIFORNIA PRIVACY NOTICE

Where the California Consumer Privacy Act or related California privacy laws apply, California residents may have rights to:

• Know the categories and specific pieces of personal information collected
• Know the sources, purposes, and categories of recipients
• Request correction or deletion
• Opt out of the sale or sharing of personal information
• Limit certain uses of sensitive personal information
• Receive equal treatment for exercising privacy rights

Pylant Risk does not knowingly sell personal information for monetary consideration.

If our use of advertising or analytics technologies constitutes “sharing” under applicable California law, we will provide any legally required opt-out mechanism.

These rights apply only where the relevant law applies to Pylant Risk and the particular processing activity.

16. EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND

Where applicable data-protection law applies, individuals may contact us regarding:

• The purposes and lawful bases for processing
• Categories and sources of personal information
• Recipients of personal information
• Retention periods
• International transfers
• Applicable privacy rights
• A copy of relevant safeguards, where legally required

Individuals may also lodge a complaint with the data-protection authority in their country or region.

Nothing in this Privacy Policy limits rights that cannot lawfully be waived.

17. CHILDREN’S PRIVACY

This website and our services are intended for business and professional users and are not directed to children.

We do not knowingly collect personal information from children under 13 through this website.

Individuals under 18 should not submit personal information without appropriate parental or guardian authorization.

If we learn that personal information was collected from a child in violation of applicable law, we will take reasonable steps to delete or otherwise address it.

18. THIRD-PARTY WEBSITES AND SERVICES

Our website may link to third-party websites, platforms, databases, regulators, authorities, or service providers.

We do not control their privacy, security, content, or data-processing practices.

Users should review the privacy policies of third parties before providing them with personal information.

19. AUTOMATED DECISION-MAKING

Unless otherwise disclosed, we do not use personal information collected through this website to make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

We may use technology to assist with research, screening, organization, fraud detection, or risk analysis, but material decisions are subject to appropriate human review where required.

20. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in:

• Our services
• Our data practices
• Technology
• Legal or regulatory requirements
• Business operations

The revised version will be posted on this page with an updated “Last Updated” date.

Where legally required, we may provide additional notice of material changes.

21. CONTACT INFORMATION

Pylant Risk
Operated by: Pylant Advisory LLC

Email: contact@pylantrisk.com
Website: www.pylantrisk.com
Business address: 30 N Gould St, Ste N, Sheridan, WY 82801 USA